Register AWS EKS Cluster

PreviousRegister Kubeadm Cluster NextEKS Cluster with public or public/private access point

Last updated 16 days ago

Register AWS EKS Cluster

In case of gopaddle community edition, the installer automatically registers the local Kubernetes cluster in gopaddle. Upon upgrading the community edition to paid version, you can register additional clusters to gopaddle and start managing the clusters centrally from the gopaddle dashboard.

In case of SaaS or Enterprise edition, this section needs to be followed to register a cluster

If you already have a managed Kubernetes cluster like Amazon EKS or Azure AKS or an on-premise Kubernetes cluster, you can register and manage the cluster in gopaddle.

Supported Kubernetes versions: v1.31

Currently gopaddle uses SSH tunnel via Bastion Host to connect to an all private Kubernetes access type. This requires the SSH port on Bastion Host to be opened to the public internet. In case of AWS EKS clusters, gopaddle is working on a Secure Systems Manager (SSM) session based tunnelling to connect to an all private EKS cluster. This is a work in progress and will be rolled out in future releases.

Registering an AWS EKS Cluster with gopaddle

Create an IAM User with least privileges. Let's call this User as the - gopaddle IAM User whose credentials will be used to register the EKS cluster with gopaddle.
1. Create an IAM policy with the least privileges as defined ;
2. Create an IAM User with programmatic API access and associate the IAM policy defined.
3. Grab the Access Key and the Secret Key of the IAM User. These credentials will be used to register the EKS Cluster in gopaddle.
Connect to the Kubernetes API server in your local desktop environment and update the Kubernetes Role Based Access Control (RBAC) to allow the gopaddle IAM User to access the Kubernetes resources.
1. in your local environment
2. kubectl in your local environment
3. Connect to your EKS Cluster using AWS CLI
In the AWS console, select the EKS cluster. Under the "Access" tab, add the access policy to the gopaddle IAM User created in step 1. Provide the "AmazonEKSClusterAdminPolicy" for the access scope to "Cluster". Click "Add access policy" and save.
In the gopaddle UI, navigate to the Environments section
Click on Add a Cluster and select Register an external Cluster
In the General Step, ensure the Cluster Name is same as the EKS cluster name in the AWS Console and choose the Cluster Provider as AWS.
In the Authentication Step, provide the gopaddle IAM User access credentials and the cluster access details.
1. For an EKS cluster with public and public/private access endpoint - Provide the Certificate Authority data, the gopaddle IAM User credentials created in step 1, the EKS cluster endpoint and the ARN details.
2. For an EKS cluster with private access endpoint - Skip TLS Verification and provide the gopaddle IAM User credentials created in step 1, the EKS cluster endpoint and the ARN details.
In the Bastion Host Step, either skip or configure the bastion host details based on the EKS cluster access type.
1. For an EKS cluster with public and public/private access endpoint - In the Bastion Host Step, skip the Use Bastion Host ? configuration and click on Finish.
2. For an EKS cluster with private access endpoint - Provide the bastion host public IP, SSH port, upload the bastion host PEM file and click on Finish.

Firewall Access

gopaddle connects with the Kubernetes cluster using the Kubernetes API server endpoint specified at the time of registration. Hence ensure that the INBOUND firewall ports are open for the kubernetes master IP and the port for INGRESS type for global CIDR (0.0.0.0/0).

In case of registering the cluster via Bastion Host, ensure that the SSH tunnel port is opened for the SSH server IP and port for INGRESS type for global CIDR (0.0.0.0/0).

PreviousRegister Kubeadm Cluster NextEKS Cluster with public or public/private access point

Last updated 16 days ago

In case of SaaS or Enterprise edition, this section needs to be followed to register a cluster

If you already have a managed Kubernetes cluster like Amazon EKS or Azure AKS or an on-premise Kubernetes cluster, you can register and manage the cluster in gopaddle.

Supported Kubernetes versions: v1.31

Registering an AWS EKS Cluster with gopaddle

Create an IAM User with least privileges. Let's call this User as the - gopaddle IAM User whose credentials will be used to register the EKS cluster with gopaddle.
1. Create an IAM policy with the least privileges as defined ;
2. Create an IAM User with programmatic API access and associate the IAM policy defined.
3. Grab the Access Key and the Secret Key of the IAM User. These credentials will be used to register the EKS Cluster in gopaddle.
Connect to the Kubernetes API server in your local desktop environment and update the Kubernetes Role Based Access Control (RBAC) to allow the gopaddle IAM User to access the Kubernetes resources.
1. in your local environment
2. kubectl in your local environment
3. Connect to your EKS Cluster using AWS CLI
In the AWS console, select the EKS cluster. Under the "Access" tab, add the access policy to the gopaddle IAM User created in step 1. Provide the "AmazonEKSClusterAdminPolicy" for the access scope to "Cluster". Click "Add access policy" and save.
In the gopaddle UI, navigate to the Environments section
Click on Add a Cluster and select Register an external Cluster
In the General Step, ensure the Cluster Name is same as the EKS cluster name in the AWS Console and choose the Cluster Provider as AWS.
In the Authentication Step, provide the gopaddle IAM User access credentials and the cluster access details.
1. For an EKS cluster with public and public/private access endpoint - Provide the Certificate Authority data, the gopaddle IAM User credentials created in step 1, the EKS cluster endpoint and the ARN details.
2. For an EKS cluster with private access endpoint - Skip TLS Verification and provide the gopaddle IAM User credentials created in step 1, the EKS cluster endpoint and the ARN details.
In the Bastion Host Step, either skip or configure the bastion host details based on the EKS cluster access type.
1. For an EKS cluster with public and public/private access endpoint - In the Bastion Host Step, skip the Use Bastion Host ? configuration and click on Finish.
2. For an EKS cluster with private access endpoint - Provide the bastion host public IP, SSH port, upload the bastion host PEM file and click on Finish.

Firewall Access

In case of registering the cluster via Bastion Host, ensure that the SSH tunnel port is opened for the SSH server IP and port for INGRESS type for global CIDR (0.0.0.0/0).